Police take just 2 days to recover $40M stolen in business email scam

Two days is all it took for Interpol to recover more than $40 million worth of stolen funds in a recent business email compromise (BEC) heist, the international cop shop said this week. Interpol was called in after an unidentified Singaporean commodity biz filed a police report on July 23 claiming it had been scammed out of $ …

  1. Pascal Monett Silver badge
    Facepalm

    As usual, improper accounting procedures are to blame

    "asked that the next payment made to it was sent to a new account"

    In a word, no. Not until we have a written letter signed by the CEO defining the new account, and then only when we have made a test transfer and validated that it worked.

    What is it with these new account scams? I will transfer the money to the account I know. You can transfer it to another account if you so wish.

    Honestly, by now accountants should know that, if the transfer is urgent and the account is unknown, it's a scam. Period.

    1. b0llchit Silver badge
      Facepalm

      Re: As usual, improper accounting procedures are to blame

      You forgot to include the think of the children excuse and the it's holiday season excuse. And then, surely, you must know that the Nigerian prince has multiple accounts that have to be used in random sequence to satisfy the evasion strategy of the criminality of taxes in my country. And before you know it, you'll inherit the entire fortune of a rich heir you secretly hoped existed with a small down-payment (with someone else's money).

      Who needs critical thinking when you can look forward to riches beyond your belief!

    2. lglethal Silver badge
      Go

      Re: As usual, improper accounting procedures are to blame

      This stuff really isn't rocket science, I really do not understand how people lose so much this way.

      1) If you receive an email informing you of a change in bank account, you ring the company at the number you already have for them (not the number on the email), and ask them if it's real.

      2) If you receive a call from said firm, nod along, agree. And then ring them back on the number for the company you already have. And ask them if it's real. (If they give you any crap about ringing them back, explain to them what BEC is and how one phone call removes all doubt. If you didn't ring, maybe they would be the ones going without payment next time).

      3) If you receive an email or call asking you to now pay into a bank account in another country, it's a scam. Don't do it...

      4) If you get an email or even call from "your" CEO (voice changers are a thing), say yes, nod along, and then contact your boss to contact the CEO to confirm that yes the transfer is required.

      5) Don't break procedures to rush payments. There will never, ever, ever be a case where failure to transfer money this second will cause the company to lose business. So always check, and double check...

      It's always a good idea to make sure anyone dealing with money transfers is aware of this sort of stuff, but really it is just common sense. But well I guess common sense isn't actually that common...

  2. Mr Humbug

    BEC?

    > The email address from which that request came was slightly misspelled but was convincing enough to trick the employee into sending the funds anyway.

    So did they compromise the suppliers' email system or did they register a similar domain?

    1. GlenP Silver badge

      Re: BEC?

      When we had something very similar they registered a similar domain (a digit 1 instead of a letter l). Fortunately our users are now well trained!

      The domain was blocked as soon as I informed the registrar.

      1. Mr Humbug

        Re: BEC?

        It just seemed that the story was a bit contradictory in the method of stealing the money. First it said it was a business email compromise and then it said they used a similar email address.

        We had a lookalike domain registered, but they weren't using it to attack us, they were using it to make starting a conversation with other organisations seem legitimate so they could send a malicious payload. They even connected the domain to a Google Workspace account. The registrar removed all the DNS entries as soon as I told them, but I couldn't get anywhere with Google.
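
The lookalike-domain trick described in the "BEC?" replies above (a digit 1 in place of a letter l) can be checked for mechanically. The following is an added example, not part of any comment in this thread; the supplier domains, sample addresses and function names are constructed for illustration.

```python
# Added example: constructed supplier domains, not data from the article.
KNOWN_DOMAINS = {"supplier-metals.example", "globalfreight.example"}

# Characters commonly swapped for a look-alike (digit 1 for l, 0 for o).
CONFUSABLES = str.maketrans({"1": "l", "0": "o"})


def skeleton(domain):
    """Collapse look-alike characters so both spellings compare equal."""
    return domain.translate(CONFUSABLES).replace("rn", "m")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, known=KNOWN_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain) for the domain part of an address."""
    domain = address.rsplit("@", 1)[-1].strip(" <>").lower().rstrip(".")
    if domain in known:
        return ("known", domain)
    for legit in sorted(known):
        # Same skeleton but different spelling: a character substitution.
        if skeleton(domain) == skeleton(legit):
            return ("lookalike-homoglyph", legit)
        # A couple of edits away: a typo-style registration.
        # Very short known domains need a smaller max_distance.
        if edit_distance(domain, legit) <= max_distance:
            return ("lookalike-typo", legit)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ("accounts@supplier-metals.example",
                   "accounts@supp1ier-metals.example",
                   "ap@globalfrieght.example",
                   "bob@unrelated.example"):
        print(sample, classify_sender(sample))
```

A "lookalike" verdict on a payment-change request is a reason to hold the message and verify by phone on the number already on file.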

  3. heyrick Silver badge

    Timor-Leste

    Sounds like Latin for "all your base are belong to us".

  4. druck Silver badge

    It's because it wasn't a crypto scam

    The quick recovery of the money was due to the use of the regulated banking system. Compare and contrast this to frauds facilitated by crypto currency, which have very poor rates of recovery.

  5. dfsmith

    Compromise vs compromised

    I wonder why the words are almost opposite in meaning.

    compromise = mutual agreement

    compromised = untrustworthy
